package com.itheima.health.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启全局方法权限注解支持
public class CustomerSecurity extends WebSecurityConfigurerAdapter {
    @Autowired
    private CustomerUserDetail customerUserDetail;

    /**
     * @Author: XuZhen
     * @Date: 下午 6:04 2021/3/6 0006
     * @Parms [web]
     * @ReturnType: void
     * @Description: 初始化用户角色信息
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /*InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> configurer = auth.inMemoryAuthentication();
        configurer.withUser("admin").authorities("ROLE_ADMIN").password("{noop}1234");
        configurer.withUser("zhangsan").authorities("ROLE_01", "add").password("{noop}1234");
        configurer.withUser("lisi").authorities("ROLE_02", "find").password("{noop}1234");*/

        //第二种方式
        auth.userDetailsService(customerUserDetail);
    }

    /**
     * @Author: XuZhen
     * @Date: 下午 6:05 2021/3/6 0006
     * @Parms [http]
     * @ReturnType: void
     * @Description: 初始化资源信息
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin()//使用默认登录
                .loginPage("http://localhost:8080/pages/login.html")//登录页面
                .loginProcessingUrl("/user/login")//登录请求地址
                .defaultSuccessUrl("http://localhost:8080/pages/main.html")//登陆成功后默认页面
                .failureUrl("/login-fail.html")//失败页面
                .failureForwardUrl("/auth-fail.html");//权限不足
        http.logout()
                .logoutUrl("/user/logout")//退出请求地址
                .logoutSuccessUrl("http://localhost:8080/pages/login.html");//退出成功后页面
        http.csrf().disable();//跨站攻击
        http.authorizeRequests().antMatchers("*.js", "*.css").permitAll();//无需登录就可访问
        http.authorizeRequests().antMatchers("*/login.html").permitAll();
        /*
        hasAnyAuthority:有某一项角色或者权限
        hasAuthority:单个角色或者权限
        hasAnyRole: 有其中某一个角色
        hasRole: 单个角色
        authenticated();//登录就可访问
         */
        http.authorizeRequests().antMatchers("/pages/checkitem.html").hasAnyAuthority("ROLE_ADMIN", "add");//ROLE_ADMIN或者add
        http.authorizeRequests().antMatchers("/pages/checkgroup.html").hasAnyAuthority("find");//find
        http.authorizeRequests().antMatchers("/main.html", "/pages/**").authenticated();//登录就可访问
    }
}
